Last active August 19, 2021 01:39
Install Let's Encrypt with ACME.sh in Nginx
### Install Let's Encrypt with ACME.sh in Nginx ###
# clone acme.sh and install it (as root)
# you@example.com is a placeholder: replace it with your own account e-mail
git clone https://github.com/acmesh-official/acme.sh.git && \
cd acme.sh && \
./acme.sh --install -m you@example.com
# create cert ----------------------------------------------------------------------
# acme.sh is an alias for /root/.acme.sh/acme.sh
# webroot mode (easiest way)
# you must be able to write to /path/to/www,
# and it must be reachable at domain.com/.well-known
# in the nginx server block, add the directive below
# location /.well-known { root /path/to/www; }
# adjust --reloadcmd to match your system
# note: --force issues a new certificate even when the current one is still valid,
# and repeated runs count against Let's Encrypt rate limits
acme.sh --issue --force -w /path/to/www -d domain.com -d www.domain.com && \
acme.sh --install-cert -d domain.com -d www.domain.com \
    --key-file /path/to/cert/domain.com/privatekey.pem \
    --fullchain-file /path/to/cert/domain.com/fullchain.pem \
    --reloadcmd "service nginx reload"
# wildcard mode (dns validation)
# please read the reference below carefully
# https://github.com/acmesh-official/acme.sh/wiki/dnsapi
# adjust --dns to one of the dns api providers listed there (or a dns alias);
# dns_dgon is the DigitalOcean one
# adjust --reloadcmd to match your system
acme.sh --issue --force -d '*.domain.com' -d domain.com --dns dns_dgon && \
acme.sh --install-cert -d '*.domain.com' \
    --key-file /path/to/cert/domain.com/privatekey.pem \
    --fullchain-file /path/to/cert/domain.com/fullchain.pem \
    --reloadcmd "service nginx reload"
# renew cert (force) ---------------------------------------------------------------
# reuse the create cert command above, replacing the --issue flag
# with the --renew flag,
# and do NOT forget to keep the --install-cert command
# fix curl issue -------------------------------------------------------------------
# if the hostname acme-v02.api.letsencrypt.org fails to resolve,
# try adding its IP address (from the ping/host command) to /etc/hosts manually,
# or add it with the following command:
# note: a pinned address goes stale if the endpoint's IP changes,
# so remove the entry once DNS resolution works again
echo "$(getent ahostsv4 acme-v02.api.letsencrypt.org | awk '{print $1}' | head -1) \
acme-v02.api.letsencrypt.org" >> /etc/hosts
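
The /etc/hosts command above appends a new line on every run and writes an entry with no address if the lookup returns nothing. The following is an added example, not part of the original gist, of an idempotent version that rejects an empty lookup; the function names `pin_host` and `pin_acme_endpoint` are hypothetical, and the addresses in the demo are constructed documentation-range values.

```shell
# pin_host HOSTS_FILE HOSTNAME IPV4  (hypothetical helper, not part of acme.sh)
pin_host() {
    hosts_file=$1; name=$2; ip=$3
    # Refuse anything that is not dotted-quad shaped, so a failed lookup
    # (empty output) can never write a malformed line.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "pin_host: '$ip' is not an IPv4 address; $hosts_file unchanged" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Copy every line except earlier entries naming this host, so reruns
    # replace the pin instead of stacking duplicates. Comment lines are kept.
    awk -v h="$name" '
        /^[ \t]*#/ { print; next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i == h) next
            }
            print
        }' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$name" >> "$tmp"
    # Write back in place: keeps the file's inode, owner and mode.
    cat "$tmp" > "$hosts_file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Resolve with getent (as the original command does) and pin the first IPv4 result.
pin_acme_endpoint() {
    host=${1:-acme-v02.api.letsencrypt.org}
    ip=$(getent ahostsv4 "$host" | awk 'NR == 1 { print $1 }')
    pin_host "${2:-/etc/hosts}" "$host" "$ip"
}

# Demo on a constructed file (documentation-range addresses), not /etc/hosts.
demo=$(mktemp)
printf '127.0.0.1 localhost\n203.0.113.9 acme-v02.api.letsencrypt.org\n' > "$demo"
pin_host "$demo" acme-v02.api.letsencrypt.org 198.51.100.7 && cat "$demo"
pin_host "$demo" acme-v02.api.letsencrypt.org "" || echo "empty lookup rejected"
rm -f "$demo"
```

Run `pin_acme_endpoint` as root to update the real /etc/hosts; a second argument points it at another file for a dry run.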